If you use Google Chrome, you need to stop reading this and update your browser this very second.
Google on Thursday released the latest update to its popular browser (version 88.0.4324.150), which patches a critical zero-day vulnerability that hackers have already exploited.
To check for Chrome updates, click on Chrome in the menu, then About Google Chrome, or simply put chrome://settings/help in the address bar.
Google said the vulnerability, dubbed “CVE-2021-21148,” was reported to the company on Jan. 24 by software developer Mattias Buelens. “Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the company said.
While Google didn’t expand on what those “reports” are, the day after Buelens filed the bug report, Google’s Threat Analysis Group published a report detailing a campaign by what they believe were North Korean nation-state hackers against a slew of cybersecurity professionals. Three days later, on Jan. 28, Microsoft security researchers published their own report, further detailing the hacking campaign by the hacking group, which they dubbed “ZINC” and is also known as “Lazarus.”
Hopefully, the new Chrome patch locks out those hackers and anyone else who knew about the CVE-2021-21148 zero-day. (Again, it’s possible they exploited a different vulnerability, but the timing of all these reports suggest they’re connected.) Regardless, Chrome users should make sure to update the browser immediately.